Start of new case 


Q1 


Does the draft guidance cover the relevant issues about the right of access? 
O) Yes 

© No 

©) Unsure / don't know 

If no or unsure/don’t know, what other issues would you like to be covered in it? 


It should be made clearer to the data subject they have no entitlement to full copies of documents solely 
the PII which maybe within the documents/systems. For example... and scenarios given for the private 
sector, not just financial/public sectors. We process a high number of SAR's and fundamentally data 
subjects expect a right to access all information not just personal information a private company may be 
processing or holding. No consideration is given to commercial sensitivity or risk to the business in 
providing all this information. Employee SAR's require further specific guidance many of which are used 
by third parties for fishing. If a SAR is made to seek information during a grievance, tribunal 
etc...confidentiality to other staff members named, whistleblowing, etc.. This guidance should be clear on 
what employment circumstances refusal maybe considered particually if it is clear the intention of the 
SAR is not for data protection purposes but to barter a settlement payment. 


Q2 


Does the draft guidance contain the right level of detail? 


() Yes 

Q) No 

©) Unsure / don't know 

If no or unsure/don't know, in what areas should there be more detail within the draft 
guidance? 

in general yes but there are still grey areas - See Q1 


Q3 Does the draft guidance contain enough examples? 
() Yes 
© No 
©.) Unsure / don't know 


If no or unsure/don’t know, please provide any examples that think should be included in 
the draft guidance. 


See Q1 for recommendations 


Q4 We have found that data protection professionals often struggle with applying and 
defining ‘manifestly 
unfounded or excessive’ subject access requests. We would like to include a wide 
range of examples 
from a variety of sectors to help you. Please provide some examples of manifestly 
unfounded and excessive 
requests below (if applicable). 


Repeat requests by Employees within the same month for non-data protection 
purposes to harass the employer The use of a SAR to preempt settlement 
negotiations particularly if facing redundancy - although exemptions may apply in 
certain circumstances Employees - the right of confidentiality, whistleblowing cases 
which may contain material about the data subject's actions against another 
Employee, such as bullying/harassment cases, this could harm to the individual 
making the claim against the Employee - this would prejudice the outcome of the 
case Thousands of emails, many repetitions and no scope, invasion of privacy rights 
of all - define what would be reasonably considered to be excessive - time worked 
for the private sector? If the Employee is under a live disciplinary for an alleged case 
of sexual harassment or has committed a crime 


Q5 Ona scale of 1-5 how useful is the draft guidance? 


1-Notatall 2-—Slightly Moderately 4-Very 5- Extremely 
useful useful useful useful useful 


© 


Q6 Why have you given this score? 


There are still a lot of grey areas which require further clarity and could be open to 
incorrect interpretation by a data controller 


Q7 To what extent do you agree that the draft guidance is clear and easy to understand? 


Strongly Neither agree Strongly 
disagree Disagree nor disagree Agree agree 


© 


Q8 Please provide any further comments or suggestions you may have about the draft 
guidance. 


In-depth guidance about CCTV access, social media access, SMS and photo images 


Q9 Are you answering as: 


ey An individual acting in a private capacity (eg someone providing their views as a 
— member of the public) 


© An individual acting in a professional capacity 
©.) On behalf of an organisation 

C) Other 

Please specify the name of your organisation: 


Q10 How did you find out about this survey? 
©) ICO Twitter account 
©) ICO Facebook account 
© ICO LinkedIn account 
©) ICO website 
©) ICO newsletter 
©) ICO staff member 
|) Colleague 
©) Personal/work Twitter account 
() Personal/work Facebook account 
©) Personal/work LinkedIn account 
©) Other 


Thank you for taking the time to complete the survey 


